April 17, 2014

Subscribe

Tor’s anonymity network may have to shrink to fight the Heartbleed bug

by John_A

Bad news if you’re relying on the Tor network to evade surveillance or otherwise remain anonymous: you’re not immune from the Heartbleed bug, either. Key developer Roger Dingledine warns that some Tor nodes are running encryption software that’s vulnerable to the flaw, and that they may have to be kicked off the network to safeguard its privacy-minded users. If all the service’s directory operators decide to boot compromised nodes, roughly an eighth of Tor’s capacity could go away — you may well notice the difference.

This wouldn’t be a permanent cut, of course. The service will have to toss out a lot of identity keys (effectively resetting some parts of the network), but Dingledine believes that there may only be a “couple of bumpy days” while Tor recovers. It could take a while after that before everything is completely back to normal, but we wouldn’t worry about the anonymity service’s long-term prospects.